U.S. government, in official statement, formally accuses Russia of large-scale cyberattacks on government agencies



In December 2020, it was reported that a large-scale cyberattack on US government agencies had caused damage including the monitoring of email contents. Until now the US government had avoided formally naming the country backing the hackers, but in a newly released official statement it says the hacker group is likely Russian in origin.

Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) | CISA
https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure

US intelligence community says Russia is 'likely' behind major, ongoing cyberhacks of federal agencies --The Washington Post
https://www.washingtonpost.com/national-security/us-intelligence-community-says-russia-is-likely-behind-major-ongoing-cyber-hacks-of-federal-agencies/2021/01/05/f2d4b318-4f94-11eb-bda4-615aaefd0555_story.html

US government formally blames Russia for SolarWinds hack | ZDNet
https://www.zdnet.com/article/us-government-formally-blames-russia-for-solarwinds-hack/



The large-scale cyberattack reported in December involved a trojanized update to 'Orion', the IT infrastructure management platform of SolarWinds, a software vendor whose customers include government agencies. The malicious code inserted into the update is tracked as 'SUNBURST' by FireEye and as 'Solorigate' by Microsoft.

SUNBURST contains a backdoor that communicates with external servers over HTTP and can transfer files, execute files, profile the system, reboot the machine and disable system services, while disguising its traffic as legitimate communication required for Orion to function, which allowed it to steal data unnoticed. SolarWinds described the incident as 'a highly sophisticated, targeted and manual supply chain attack by a nation state'.

According to security company FireEye, multiple update files containing SUNBURST were in circulation from March to May 2020, and all of them carried a legitimate digital signature from SolarWinds, so signature verification alone would not have flagged them. In response, the US government issued an emergency directive ordering agencies to stop using Orion immediately, and Microsoft took control of a domain used in the attack.

The trojanized update could have reached roughly 18,000 organizations and companies. Agencies confirmed to have been compromised include the Department of State, the National Telecommunications and Information Administration (NTIA), the Department of Health and Human Services, the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA) itself. Microsoft President Brad Smith called it 'one of the most serious cyberattacks I've seen in the last decade.'

What is the attack on SolarWinds' Orion Platform, which Microsoft's president calls 'one of the most serious cyberattacks in the last decade'? --GIGAZINE



The Washington Post, other media outlets and security companies had already pointed to a link with the Russian government-backed hacker group Cozy Bear (APT29), and Secretary of State Mike Pompeo had personally stated that 'Russia is involved in the cyberattacks', but the U.S. government had not officially tied the hacker group to any particular country.

However, the unified coordination group set up by the US National Security Council in response to the attack, consisting of the Federal Bureau of Investigation (FBI), CISA, the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA), said in an official statement released on January 5, 2021 that 'this work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks', officially associating Russia with the hacker group for the first time.

ZDNet noted that the statement puts to rest the speculation that the US government might be unwilling to officially blame Russia because President Trump had benefited from Russian support in the 2016 presidential election.



The statement also points out that of the roughly 18,000 organizations that installed the trojanized Orion update, only a much smaller number were compromised by the follow-on activity needed to actually steal data. So far fewer than ten U.S. government agencies are known to have been targeted by this second stage, and government and private-sector personnel worked through the Christmas and New Year holidays to investigate the damage and remediate the affected systems.

ZDNet and The Washington Post also note that the statement characterizes the hacking via SolarWinds as 'an intelligence gathering effort'. Both outlets speculate that, by stating clearly that the purpose was intelligence gathering, the task force wanted to put an end to the conspiracy theory that the series of hacks may have been carried out to influence the outcome of the 2020 presidential election.

in Security, Posted by log1h_ik